seclook is a macOS/Swift app that sits in the background and monitors your clipboard, sending any IP, SHA2/MD5 hash, or domain to VirusTotal and AbuseIPDB. If any scanned item has a bad reputation score, you get a notification!
- Automatically scan your clipboard for the following string types:
- IP addresses
- SHA2 hashes
- MD5 hashes
- Domains
- Receive notifications through macOS Notification Center when a scanned item has a bad reputation score
- Send scanned items to the following security lookup services:
- VirusTotal
- AbuseIPDB
- Add known-good items to an Ignore List
- Toggle scanning on/off:
- Universally using menu bar icon
- By string type
Use homebrew
brew install --cask seclook
Or download the latest Mac release here.
To start the app automatically at start up, add it to the "Open at Login" list in Settings > Login Items
I'm happy to merge contributions that fit my vision for the app (simple, background app). Bug fixes and more tests are always welcome.
No, at the moment this is out of scope, sorry.
seclook only sends the regex'ed string that was found (e.g., a single IP address such as 1.1.1.1). No other data from the clipboard ever leaves your computer.
Generally, you don't have to worry about your passwords being sent to lookup services as people's passwords are generally not a qualified string type (i.e., IP address, SHA2/MD5 hash, or domain).
seclook does not detect username/password combinations that are input from auto fill functions.
If you manually copy a hash value (i.e., API key) from a password manager desktop app that sets org.nspasteboard.ConcealedType (see NSPasteboard) for copied data (i.e., 1Password Desktop app), seclook will ignore the clipboard value and not send anything to lookup services.
If you manually copy a hash value from a password manager browser extension, there is not currently a way to detect org.nspasteboard.ConcealedType in this case, and seclook will send the hash value to lookup services. If you are concerned about this, you can disable scanning for SHA2/MD5 hashes in seclook's Settings pane.
- VirusTotal and AbuseIPDB for their awesome APIs